Dear Apple Developer Support, I would like to request a technical escalation to the engineering team regarding an ongoing issue with Apple Pay domain verification. Error returned by Apple Even though Apple’s request to our domain returns HTTP 200, the verification still fails with: resultCode: 13014 resultString: "Domain verification failed. Review your TLS Certificate configuration to confirm that the certificate is accessible and a supported TLS Cipher Suite is used." requestUrl: https://developer.apple.com/services-account/QH65B2/account/ios/identifiers/verifyDomain TLS Certificate Validation We performed a full TLS analysis: Certificate issued by Sectigo Public Server Authentication CA DV E36 (public trusted CA) Full and correct certificate chain No handshake errors Configuration fully valid SSL Labs rating: A From our side, the TLS configuration is confirmed to be correct. Accessibility of the .well-known file The file is publicly and accessible It returns 200 OK and the content is exactly identical to the file downloaded from the Apple Developer Portal, without any modification. Our network team confirmed that Apple’s verification request also receives HTTP 200 when pressing “Verify” in the Apple Developer Console. Network-side findings We monitored Apple’s request in real time. Findings: TLS handshake succeeds No cipher mismatch File delivered correctly Status: 200 OK No redirect or transformation applied Despite this, Apple still returns error 13014. Request for engineering review We kindly request that an Apple engineer verify the following: The actual TLS handshake performed by Apple's verification service (cipher suite, protocol negotiation, SNI, trust chain). Whether the Sectigo issuing CA is fully trusted and supported by your domain-verification backend. If there is an internal reason behind error 13014—since the external message does not provide actionable details. Whether the response is rejected for reasons other than TLS, given that the file is accessible and the request returns 200. The exact condition that leads Apple to report “TLS Certificate configuration is incorrect” in this case. This issue is blocking an urgent deployment and must be resolved as soon as possible. Existing case reference Case ID: 102760005987 We are fully available to provide: full response headers packet captures (PCAP) SSL/TLS diagnostics file integrity checks server configuration details or join a technical call (Teams / WebEx) Thank you in advance for the escalation. Andrea

Cybersource production support has clarified issue as below "On the BAD Case, it seems that the Apple Payload did not contain the "onlinePaymentCryptogram" object within the JSON. The Cryptogram is critical and mandatory. Since the merchant cannot really control this, and since CYBS is just decrypting the payload and uses it, we cannot comment as to why it was missing. The merchant would need to reach out to Apple and/or decrypt the payment themselves locally to check if and why this data was not present, for troubleshooting purposes."

Cybersource production support has clarified issue as below "On the BAD Case, it seems that the Apple Payload did not contain the "onlinePaymentCryptogram" object within the JSON. The Cryptogram is critical and mandatory. Since the merchant cannot really control this, and since CYBS is just decrypting the payload and uses it, we cannot comment as to why it was missing. The merchant would need to reach out to Apple and/or decrypt the payment themselves locally to check if and why this data was not present, for troubleshooting purposes."

Hello, we develop a banking app and have successfully provisioned our cards (they are in the Wallet). But the method passes() of PassKit library always returns empty list. What may be the reason of this? Thanks.

Our company sells insurance and we'd like to offer annual renewals via Apple Pay on the Web. Most of the docs seem to point towards using recurringpaymentrequest but this method required an amount value which would only be calculated at renewal time. It appears that Shopify is doing something akin to what we want where they do auto payments so my question is can we do annual payments with unknown renewal prices with Apple Pay for Web ? What we cannot do is show the renewal price like this as it being insurance is almost certain to change. This is our current code which works but won't get past the regulator. const applePayPaymentRequestAnnual = { countryCode: 'GB', currencyCode: 'GBP', supportedNetworks: ['visa', 'masterCard'], merchantCapabilities: ['supports3DS'], requiredBillingContactFields: ['postalAddress', 'email'], requiredShippingContactFields: ['phone'], recurringPaymentRequest: { paymentDescription: 'Annual Insurance Renewal', regularBilling: { label: 'Annual Renewal Premium', amount: price, paymentTiming: "recurring", recurringPaymentIntervalUnit: "year", recurringPaymentStartDate: year + "-" + month + "-" + day + "T00:00:00.000Z", type: 'final' }, managementURL: window.location.protocol + '//' + window.location.host + '/manage-policy', tokenNotificationURL: window.location.protocol + '//' + window.location.host + '/apple-pay-notifications' }, lineItems: [{ label: alabel, amount: price, }], total: { label: alabel, amount: price, type: "final" }, }

Hello, I’m experiencing a strange issue with a newly created Subscription Group in my iOS app. For all my existing subscription groups, everything works perfectly — initial purchase, renewals, cancellations, all notifications arrive normally. But for this one newly created group, the first purchase never triggers any server notification from App Store Server Notifications (ASSN). ⸻ 📘 Problem Summary • I created a new Subscription Group in App Store Connect. • The products are all Approved and Published for over a week. • Users can successfully purchase the subscription in production. • The purchase is shown as Purchased in the App Store purchase UI. • The receipt can be fetched locally on device. • But my server receives no notifications, including: • DID_RENEW • DID_CHANGE_RENEWAL_STATUS • SUBSCRIBED • ONE_TIME_CHARGE • CONSUMPTION_REQUEST • etc. The old subscription groups still send notifications normally, so the notification URL and server infrastructure are correct.

Scenario User is actively subscribed to Monthly Package From the Device App (Manage Subscriptions), user upgrades to Yearly Package Purchase completes successfully on device Issue Do not receive any server notification for this action Month Package Purchase Date: 2025-11-11 19:06:45.537 +0600 Month to Yearly Upgradation Date: 2025-12-11 paymentReferenceId: 510002270528780

Bank Accounts details are outdated and status is stack on processing with error: "Your banking updates are processing, and you should see the changes in 24 hours. You won't be able to make any additional updates until then." This is now stack for a few years since we activated a previous Apple developer account. we must change banking details as it holds up development of an app with in-app purchases. Finance department has been contacted and they do not answer What shall we do? senior support staff keep referring to finance department and is not helping

Two subscriptions, Plus and Max, are under the same subscription group, with Max having a higher tier than Plus. Promotional Offers for Max are configured in Apple Store Connect. When a user subscribes to Plus and then upgrades to Max using Promotional Offers, they are prompted with "Upgrade upon expiration" (Figure 1); if they don't use Promotional Offers, they are prompted to "Upgrade immediately" (Figure 2). Question 1: What is the situation with the "upgrade upon expiration" message in Figure 1? Is upgrading using Promotional Offers special? I couldn't find any relevant explanation in Apple's technical documentation. Question 2: Figure 1 shows an "upgrade upon expiration," but after subscribing, the webhook still shows the subscription start time as the current time, meaning the upgrade hasn't started immediately. Is the message incorrect?

Hi everyone, I have a question regarding App Store approval. In my country, Apple In-App Purchases are not supported, so for users in unsupported regions we need to use a third-party payment provider. For countries where In-App Purchases are supported, we plan to use Apple IAP. Could you please advise on the correct approach to ensure the app complies with App Store guidelines and can be approved?

Hello, Apologies if this has been asked before but I have a website that takes subscriptions and payments through PayPal. It's a platform where authors can sell ebooks and anyone who purchaes an ebook, the money goes pretty much directly from the buyer's PayPal to the seller PayPal through the use of PayPal Multiparty where my platform acts as a third party that takes a fee. I'm currently building a React-Native app for my website and coming close to needing to integrate payment solutions. As far as I'm aware, Apple only allows Apple Pay payments for IAP and subscriptions? How would this work for my model? Can I integrate PayPal into Apple Pay like I do with my website? If not, what's the alternative?

Hi, When I try to add a card to wallet, I get this PKPassKitErrorDomain Code=2 error from my logs, and from the SysDiagnose, I get some more detailed error log Error details: Date: December 15, 2025 Time: 15:16 UTC Request URL: https://nc-pod9-smp-device.apple.com:443/broker/v4/devices/041B4183BA1490022104102123315131EBFE2BE7… Response: HTTP Status: 500 – Internal Server Error Time profile: 0.505452 seconds Response headers: Server: Apple Content-Type: text/html X-Content-Type-Options: nosniffStrict-Transport-Security: max-age=31536000; includeSubdomainsDate: Mon, 15 Dec 2025 15:16:59 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=blockCross-Origin-Opener-Policy: same-origin Content-Length: 170 Connection: close Response body: Anyone have faced this problem before?

Recently, we completed a merger with our parent company. We are currently integrated with Apple Pay in accordance with the “Apple Pay Payment Processing on the Web” guidelines. Due to the change in the legal entity, we proceeded with the account migration process as outlined below: Creation of a new Apple Developer account and a new Apple Pay Identifier Removal of the Merchant Domain (dc2-web.happy.co.kr) from the existing Identifier Registration of the Merchant Domain (dc2-web.happy.co.kr) under the new Identifier Using the Merchant Domain registered under the new Identifier and the Apple Pay Merchant Identity Certificate issued from the new Identifier, we attempted to obtain an Apple Pay session by sending requests to the following endpoint: https://apple-pay-gateway.apple.com/paymentservices/startSession However, we are intermittently receiving failure responses with an HTTP 400 status code. With regard to these intermittent failures, we would like to inquire whether there is any propagation delay on Apple’s servers when an Apple Pay Identifier is removed and re-registered under a new account, or if there could be any other possible causes for this behavior. We would appreciate your guidance on this matter.

Hello, I'm trying to make changes to my website's apple pay flow and an unable to verify if the flow works because I get the following error in the console when trying to pay: TypeError: undefined is not an object (evaluating 'applePaySession.completeMerchantValidation') By following this error message, I try to setup an ngrok proxy to verify my local development domain and that fails as well even though as you can see, the file does actually exist. Can anyone help with A) giving me a different way to develop locally aka having a "successful" apple pay payment so I can verify my website's flow after payment or B) help me figure out why the domain verification is failing. Thanks!

We are facing an issue with Apple Pay address details while customers are placing orders on our production site. By default, the following values are being passed during checkout: First Name: ApplePay Last Name: Express Address: ApplePay Street When we manually enter these same details, our validation correctly prevents the order from being placed and displays an appropriate error message. However, on our production site, real customers are still able to successfully place orders with these exact details. Could you please help us understand: How these orders are being allowed to proceed despite the validation? Is this behaviour expected from Apple Pay ? How can we prevent orders from being placed with such placeholder address details? Please let us know if you need any additional information from our side. We have also attached an image showing the address details and the corresponding order number for reference. Thanks in advance for your support.

We are implementing Apple Pay on our website, but we only sell services and would prefer that the shipping address section of the Apple Pay modal doesn't require the shipping address and just show the billing address. Is there any way to achieve this?

I’m having an issue verifying a domain for a Merchant ID. I’m implementing Apple Pay on the web for a demo, and I’ve configured the Azure server to match Apple’s requirements for domain verification, such as the TLS configuration, not requiring client certificates, and ensuring there are no redirects. I’ve run tests with OpenSSL and PowerShell and all responses return HTTP/1.1 200 OK. I also tested the URL Apple says it uses to validate the file under .well-known, and it does show the expected result. I already have the Apple Pay Payment Processing Certificate and the Apple Pay Merchant Identity Certificate approved; the only thing missing is the domain verification. I’m not sure what else to test—if you could help me with a possible solution, I’d really appreciate it. (The project is built in .NET 8 and hosted on Azure App Service.)

Hi, Somebody knows how to decode / decrypt emvData on Apple Pay e-commerce when paymentDataType=EMV? Thanks. Reference: https://developer.apple.com/documentation/passkit/payment-token-format-reference#Detailed-payment-data-keys-EMV

Hello, We are implementing Apple Wallet extensions (PKIssuerProvisioningExtensionHandler). While our UI extension works as expected, our Non-UI extension is unable to detect payment passes provisioned by our app. Specifically, PKPassLibrary().passes(of: .secureElement) returns an empty array when called from the Non-UI extension, even though the same call correctly returns the passes when executed from the Main iOS App. Our Payment Network Operator has confirmed that our extension bundle identifiers are correctly registered in the metadata on their side. They suggested that the Wallet Extensions entitlement (com.apple.developer.payment-pass-provisioning) may require additional backend enablement for these specific Extension App IDs. Is there a known reason why PKPassLibrary would behave differently in the Non-UI extension vs the Main App? Beyond the standard entitlement request, is there a specific process to "activate" these IDs for extension visibility? Does anyone have guidance on reaching the appropriate team for backend entitlement activation issues? Any insights would be greatly appreciated.

Hi :) I'm new to app store connect, and I just want to verify what does it take to be able to test subscription for a new app that isn't approved yet using sandbox? Or is this not possible that the app has to be approved first? More context below: My app is a new app, I only submitted for review and I linked the subscription from the app’s In-App Purchases and Subscriptions section on the version page when submit it for review. It got rejected for now. When the app review status is both in-review and rejected, I've tried to test my subscription, where there is a button (like "subscribe"/"become a member") in my app that user can click on, which it calls ios's IAPProvider.startMembershipPurchase, I just get Error: [IAPService] Product not found: [<my_subscription_id>]. I ensured my subscription's product id in app store connect matches with the one in my code. I can see the "rejected" status both on my app and the subscription. So can anyone help clarify if the app has to be approved first in order to test subscription? Or am I missing any other setup? Or it might just be my code? Thanks in advance! Any info is super helpful!